stressfree - samba

Mounting CIFS shares at login with SELinux enabled

David — Sat, 17 May 2008 02:36:57 +0000

SELinux is as painful to use sometimes as it is powerful when it comes to locking down server permissions. Unfortunately even with distributions such as Red Hat which supports SELinux out of the box, you will still experience problems.

One such issue I came across recently was automounting CIFS shares on boot using netfs. At startup the netfs service was returning an "error 13 - error opening credentials file" when attempting to mount the CIFS shares. The problem was the SELinux was not allowing the netfs script to access the file that contained the CIFS authorisation details.

For example, my /etc/fstab had the following entry:

//WINDOWSSERVER/SHARE /mnt/windowsshare cifs credentials=/etc/samba/auth.cifs 0 0

And in the /etc/samba/auth.cifs file were the following details:

username=windowsuser
password=windowspassword

The solution to the problem was to change a SELinux boolean parameter with the following command (found here):

setsebool -P allow_mount_anyfile 1

This lets the mount command open any referenced file, effectively side-stepping the netfs error. Sure it is not 100% secure but it works without having to completely disable SELinux which seems to be most people's answer to any problems.

Automounting Samba shares in Leopard

David — Mon, 29 Oct 2007 08:52:51 +0000

Edit 15th November 2007: After a few weeks of use I have found the automount technique described here is a little unreliable not only from the perspective of keeping the mount point active but also for maintaining the correct file permissions. This maybe addressed in future OSX 10.5 updates but for the time being using user-level mounts via Finder or Go -> Connect to Server is more reliable. To automatically mount a volume save the mount point as a Favorite (Go -> Connect to Server -> Add favorite) and then drag this favorite (stored in ~/Library/Favorites) to the Login Items under Account Preferences.

Apple have pleased a number of people by laying to rest the NetInfo Manager in OSX 10.5 'Leopard'. Many of the functions performed by this Registry-like tool have been incorporated into the far tidier Directory Utility tool. Unfortunately whilst this tool includes the ability to define automounted NFS shares the same capability is not provided for Samba. This is a pain because if you have a couple of Samba servers on the network that need to be connected all the time, a good example being a network share for iTunes music.

Fortunately all is not lost as we can still edit the automount configuration files directly so that our Samba shares are always accessible. To start with open up the Terminal application as an administrative user and then use sudo to create a bash shell.

sudo bash (enter)

You will be prompted to enter your administrator password at this point.

We will now create a file entitled auto.smb in the /etc/ directory to hold our server details.

pico /etc/auto.smb (enter)

In this file enter the following line (add more lines for extra servers/shares)

$Sharename -fstype=smbfs ://$Username:$Password@$Server/$Share

Where:

$Sharename = the name you want to give the mount point
$Username = the user to connect to the server as
$Password = password of the user
$Server = the name of the server (dns/wins entry)
$Share = the name of the share on the server

As this file stores the username and password to the server in plain text set the permissions of the file so that only the root user can read it.

chmod 600 /etc/auto.smb (enter)

Now edit the /etc/auto_master file and append the auto.smb record at the end of the file. The auto_master file controls all the automounts for the system, leave everything about this file alone except for the extra line at the end.

pico /etc/auto_master (enter)

#
# Automounter master map
#
+auto_master # Use directory service
/net -hosts -nobrowse,nosuid
/home auto_home -nobrowse
/Network/Servers -fstab
/- -static
/Users/Resources auto.smb

This will tell the automounter to mount the shares defined in the /etc/auto.smb file under the /Users/Resources directory. So for example if auto.smb defined a Music share we would end up with /Users/Resources/Music. Note: You do not have to use /Users/Resources.

With the configuration files in place it is now time to tell the automounter to refresh the settings. Exectute the following command:

automount -vc (enter)

If all goes well you should see the following output from this command:

automount: /net updated
automount: /home updated
automount: /Users/Resources updated
automount: no unmounts

Now you should be able to open the Finder and see a /Users/Resources directory that lists (and magically takes you to) all the network shares you have defined in the auto.smb file.

Hopefully this is only a temporary fix and Apple includes the option to mount Samba as well as NFS shares in Directory Utility. Technically it is not hard to do and the end result would be far tidier.

Jeremy Allison speaks out on Novell

David — Mon, 15 Jan 2007 22:22:41 +0000

On December 29th Jeremy Allison officially left Novell and was able to speak openly about the Novell-Microsoft deal. He provided answers to questions posed Mary Jo Foley of ZDNet and Boycott Novell although it would appear that his answers to the later source were for the most part copied and pasted from his ZDNet interview. What is interesting from the interviews is that the controversial patent deal was included by Microsoft at the last minute (5 days before the announcement). This would suggest Novell was setup by Microsoft, or even worse intentionally withheld information from people within their own company that understood the most about the issues at hand. Whichever was the cause it does not bode well for Novell as it was a lot of negative publicity they could have seriously done without and even avoided if managed more effectively.

Jeremy Allison leaves Novell in protest

David — Fri, 22 Dec 2006 10:22:02 +0000

Lead Samba developer and vocal open source figure Jeremy Allison has left his position at Novell in protest of their recent patent-protection agreement with Microsoft. It is a great move from Jeremy who has made it clear in the past that his principles (and tongue lashings) will not be bent by corporate pressure.

In a parting shot Jeremy made public a letter he had sent to Novell management. Within it he made a brilliant point regarding the patent agreement and the often misunderstood reaction to it by the Free Software community:

"Do you think that if we'd have found what we legally considered a clever way around the Microsoft EULA so we didn't have to pay for Microsoft licenses and had decided to ship, oh let's say, "Exchange Server" under this "legal hack" that Microsoft would be silent about it - or we should act aggr[i]eved when they change the EULA to stop us doing this?"

It is an excellent point that brings into question people's willingness to accept theft and wrong doing as something that can only occur to an object with a defined monetary value. The components that form GNU Linux have a value, they are Free in all senses of the word. Yet when Novell and Microsoft found a way around the GPL2 license to 'sell' their patent-protection alongside GNU Linux many in the industry viewed it as completely honest and worthwhile. This even though the agreement broke in spirit, but not in practice, the licensing terms of the GPL2.

UPDATE: CNET News.com is reporting that Jeremy Allison will be joining Google in the new year.

Getting Vista working with Samba

David — Fri, 15 Dec 2006 12:29:20 +0000

In their efforts to 'innovate' (a.k.a. make it harder for people to use non-Microsoft products) it would appear that connecting to a Samba file server in Vista is not as easy as in prior versions of Windows. This BuilderAu post describes how to enable LM and NTLM authentication methods supported by Samba but disabled in Vista by default. It sounds like the Samba team are moving fast on getting Samba fully Vista compatible, unfortunately issues like this will effect NAS devices and servers not running the latest versions of Samba for a long time to come.

The Samba Team responds to Novell's actions

David — Mon, 13 Nov 2006 08:38:17 +0000

A few weeks after the Novell/Microsoft announcement the Samba Team have officially requested Novell reconsider their stand on patents. The Samba project is an important (if not crucial) piece of open source software that is allowing a wide variety of platforms (but mainly Linux) to compete head to head with Microsoft solutions in the workplace. Jeremy Alison co-heads the Samba project and is an employee of Novell but obviously this has not stopped the team from taking a moral stand against software patents and the actions of Novell and Microsoft.

This stance is completely opposite to the Mono team leader Miguel de Icaza's official support of the deal, but this is not surprising considering 99% of Mono development is funded and directed by Novell. I doubt Novell will heed Samba's request but at least its good to see such a prominent project take such a decisive stand on the matter.

Adventures in Samba with LDAP

David — Mon, 30 Oct 2006 05:00:56 +0000

Over the last week I have been experimenting with SMBLDAP-Tools and some of the new features available in the latest versions of Samba 3. Whilst I've written about setting up a Samba Primary Domain Controller with an LDAP-backend before SMBLDAP-Tools makes configuring this potentially troublesome (but very powerful) combination a lot easier.

For my testing I have been using the Factory build of Samba 3.0.23C for Suse 10. Suse 10 does not have a package for SMBLDAP-Tools but Suse 10.1+ does so I used the 10.1 source package and built it for Suse 10. After a bit of hassle I also applied a patch that fixed Computer creation account problems. If you are using Suse 10.0 the SMBLDAP-Tools package I built can be downloaded from here, otherwise compiling it from source is difficult as its just a collection of Perl scripts.

Configuring SMBLDAP-Tools

The easiest way to configure SMBLDAP-Tools is to run its configuration script at the command prompt:

configure.pl (Enter)

This will ask a range of questions ranging from the authentication details of your LDAP server to the specifics of your user profiles. Once configured it will save the smbldap.conf and smbldap_bind.conf files to the /etc/smbldap-tools directory ready to use.

After tailoring the configuration scripts as root run the smbldap-populate command to generate most of the required LDAP entries. Unfortunately it looks like Samba 3.0.23 expects a few other Domain groups which can be created with the following commands:

smbldap-groupadd -s S-1-5-32-545 -a -g 545 -t builtin "Users" (Enter)
smbldap-groupadd -s S-1-5-32-546 -a -g 546 -t builtin "Guests" (Enter)
smbldap-groupadd -s S-1-5-32-547 -a -g 547 -t builtin "Power Users" (Enter)

To create users use the smbldap-useradd command. The documentation for SMBLDAP-Tools is very comprehensive plus the help provided by the individual commands is very explanatory.

The smb.conf file

With SMBLDAP-Tools in place and configured it is now time to configure Samba. Below is my /etc/samba/smb.conf file. Please note this file has been processed by a Perl script hence all the spaces between configuration options are missing (do not worry Samba does not mind).

[global]
preservecase = yes
bindinterfacesonly = true
nameresolveorder = wins lmhosts bcast
maptoguest = Bad User
printcapname = /dev/null
domainlogons = Yes
disablenetbios = yes
preferredmaster = Yes
strictlocking = no
socketoptions = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY
printing = bsd
workgroup = STRESSFREE
useclientdriver = no
security = user
domainmaster = Yes
timeserver = yes
ldapadmindn = cn=admin,o=sfs
ldapsuffix = o=sfs
ldapusersuffix = ou=Users
ldapgroupsuffix = ou=Groups
ldapmachinesuffix = ou=Computers
ldapdeletedn = Yes
adduserscript = /usr/sbin/smbldap-useradd -m "%u"
addgroupscript = /usr/sbin/smbldap-groupadd -p "%g"
deleteuserfromgroupscript = /usr/sbin/smbldap-groupmod -x "%u" "%g"
deletegroupscript = /usr/sbin/smbldap-groupdel "%g"
addusertogroupscript = /usr/sbin/smbldap-groupmod -m "%u" "%g"
setprimarygroupscript = /usr/sbin/smbldap-usermod -g "%g" "%u"
addmachinescript = /usr/sbin/smbldap-useradd -w "%u"
deleteuserscript = /usr/sbin/smbldap-userdel "%u"
passwdchat = "Changing password for*\nNew password*" %n\n "*Retype new passw$
passwdprogram = /usr/sbin/smbldap-passwd -u %u
unixpasswordsync = yes
ldappasswdsync = yes
ldaptimeout = 5
loglevel = 0
interfaces = eth0,lo
passdbbackend = ldapsam:ldap://ldap.stress-free.co.nz/
loadprinters = no
winssupport = yes
changesharecommand = /usr/local/sbin/add_delete_share.pl
addsharecommand = /usr/local/sbin/add_delete_share.pl
deletesharecommand = /usr/local/sbin/add_delete_share.pl
serverstring = StressFree file and print server
oslevel = 65
svcctllist = cups apache2 mysql scalix scalix-tomcat dnsmasq smb nmb

## Section - [netlogon]
[netlogon]
browseable = No
comment = Network Logon Service
path = /var/lib/samba/netlogon
writelist = root

## Section - [profiles]
[profiles]
cscpolicy = disable
directorymask = 0700
createmask = 0600
browseable = No
path = /home/profiles
forceuser = %U
guestok = Yes
readonly = no
profileacls = yes

## Section - [music]
[music]
createmask = 664
directorymask = 0775
browseable = yes
writeable = yes
path = /home/music
guestok = no
comment = Music volume
forcegroup = users

## Section - [homes]
[homes]
readonly = No
browseable = No
comment = Home Directories
inheritacls = Yes
validusers = %S

With the above configuration many aspects of Samba can be configured directly within Windows (NT4, 2000, XP) using the srvtools.exe package. To administer these settings you must be logged into the domain as a Domain Administrator. This InformationWeek article talks more about the extended Samba/Windows administration features which turn out to be quite powerful.

In the above example I have configured Windows-based services and shares controlling. Whilst not as powerful as command line access these pieces of functionality are very useful to have in environments where the day-to-day administrator is not competent with a Linux command line.

Note: When setting these things up always remember to checkout the very thorough smb.conf Man file and Samba documentation.

Manage Linux services from Windows

Manage Samba shares from the desktop

Services Control

The services running on the Linux server can be controlled from Windows via Samba as of version 3.0.21. This functionality integrates into the NT4 Server Manager applet and 2000/XP MMC snap-in. Configuring it is very easy and requires two steps:

1. Create symlinks for the services you wish Samba to be able to control in /usr/lib/samba/svcctl to the service scripts in /etc/init.d. For example to control MySQL from Samba:

ln -s /etc/init.d/mysql /usr/lib/samba/svcctl/mysql

2. Once the symlinks are created to the relevant Linux services edit the /etc/samba/smb.conf file and set the svcctl parameter in the [global] section:

svcctllist = mysql

Restart Samba and now when you browse to the Linux server in Server Manager or MMC and view its services you will see the MySQL service, its status and have the option to start or stop it.

Share Management

NT4 Server Manager allows the directory shares for the server to be manipulated. This task is performed by either a perl or python script found in /usr/share/doc/packages/samba/examples/scripts/shares.

Locate the modify_samba_config.pl file found within the above directory and copy it to /usr/local/sbin. For clarity I also rename it to add_delete_share.pl. I have found that in Samba 3.0.23 this script must be modified in order for things to work correctly, edit the file and find the following lines:

elsif ($#ARGV == 3) {
$add_mode = 1;
}

and change it to read (change the 3 to a 4):

elsif ($#ARGV == 4) {
$add_mode = 1;
}

Now edit the /etc/samba/smb.conf file and add the following configuration options:

changesharecommand = /usr/local/sbin/add_delete_share.pl
addsharecommand = /usr/local/sbin/add_delete_share.pl
deletesharecommand = /usr/local/sbin/add_delete_share.pl

Restart Samba and you should find the shares on the server can be modified as required. Do note however that this script is not very advanced and does not provide advanced privileges support, it only creates basic shares. Also be aware that when using the Server Management tool the path to shared directories must be entered in a Windows centric format, for example c:\home\david for /home/david.

Jeremy Allison on FLOSS Weekly

David — Wed, 18 Oct 2006 09:59:29 +0000

Jeremy Allison finally made an appearance on FLOSS Weekly to talk about Samba. The delay was not through lack of trying (it was the third take of the show) and as usual he does not disappoint. My favourite bit when he was talking about a Sun conference he attended starring then CEO Scott McNealy:

"So he picks some like five rows back and she comes up to ask him a question. And it turns into a completely scripted song and dance routine. She was a ringer because he was scared to get an unfiltered question. He was scared to get an unfiltered question from one of his employees. I must admit Novell just isn't that organised...."

I guess that pretty much sums up the differences between Sun and Novell in a couple of sentences.

SuSE/OpenLDAP/Samba Howto

David — Thu, 24 Aug 2006 03:55:25 +0000

This tutorial assumes you are familar with basic Linux and Windows concepts and are comfortable using SuSE Linux 9 (Professional or Enterprize). SuSE 9.2 Professional was used during the production of this guide but for most part the commands, software and general concepts should be applicable on any current version of SuSE (or OpenSUSE).
To ease configuration it is very helpful to do most things from another desktop so that you can use really useful utilities like graphical Internet browsers and copy/paste tools.

Setting up the basic system

First off install your basic SuSE system. For this tutorial I used SuSE 9.2 Professional with the network install CD using the local New Zealand mirror at http://linux.jetstreamgames.co.nz/suse/i386/9.2
I prefer to perform an initial basic install with no extra packages or windowing environment. Using this strategy I have complete control over what goes on the system as far as software is concerned. This is important as a default SuSE install will put alot of unnecessary applications and libraries onto your server.

Once the base install is complete using Yast to install openldap, samba, apache2-prefork and php (with ldap & session support). If you are not sure how to do this log in as root and type yast (enter) in the terminal. To install packages select Software -> Install and Remove Software.

Run Online update (Software -> Online Update) afterwards to make sure you are at current working levels. There is a bug in the default install of PHP session support on SuSE 9.2. Without running Online Update you won’t get far in this tutorial as Apache will have problems running.

Sambas Recycle VFS provides Salvage-like functionality

David — Mon, 10 Apr 2006 09:03:11 +0000

If anyone's used Novell's NSS filesystem they will know how useful the Salvage tool is. All too often a file once thought of as useless is suddenly needed or even worse a useful file accidentally deleted. In a traditional Samba setup this deleted file is lost for good unless a copy exists in backup form. This is fine for some occasions but if you have just spent eight hours working on the file going back to a twelve hour old version is not that appealing.

Samba 3's Recycle VFS (Virtual File System) module solves this problem by providing Salvage like capabilities in a nice Samba container. When a file is deleted on the share it is not deleted from the filesystem but instead its file-pointer moved to the specified recycle directory for later retrieval (just like your standard Recycle Bin).

Recycle VFS is enabled at the share level which makes it quite flexible. To enable the functionality add the following to your smb.conf file (where SambaShare is a configured share) and restart Samba:

[SambaShare]
path = /home/example
public = yes
writable = yes
browsable = yes

# Add from this point down to the share config to enable Recycle VFS....
vfs object = recycle
recycle:repository = .recycle/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:maxsixe = 0
recycle:exclude = *.tmp
recycle:exclude_dir = /tmp

This will enable the recycling functionality on the SambaShare share. Pointers to deleted files will be placed in the .recycle/Username directory on the share. To help Samba out you should create the .recycle directory in the share and make sure all users who may be deleting files on the share have read/write access to the directory.

This way if someone deletes a file they can browse to \\Server\SambaShare\.recycle\UserName and find the deleted file for easy restoration. The versions option enables multiple files of the same name to be safely deleted without fear of loosing all but one of the copies.
NOTE: The recycle directory does not have to be named .recycle, you can name it anything you like just specify the correct location in the smb.conf file.

The one issue you will need to plan for now is disk usage as deleted files will no longer be deleted. In order to reclaim disk space you will probably want to setup a cron job that searches for files in the recycle directory older than a specific time and deletes them or just do a big purge whenever storage space gets a little low.

Thanks goes out to this LUG thread and Google for pointing this out to me.

Update

Enabling this salvage functionality will result in a lot of hard disk space being lost to deleted files. Samba currently does not have an automatic clean or compression tool for these files so the easiest way to tidy them up is to remove them after a certain period of time.

To do so run the command (where /home/example is the path to the salvage enabled share):

find /home/example/.deleted -mtime +14 -type f -exec rm -r {} \;

This will delete all deleted files that are more than two weeks old. You can run this command on a regular basis by adding it as a cron job, for example to run it once a month create a file named /etc/cron.d/clean-deleted which contains:

0 3 1 * * root find /Users/david/Desktop/Temp -mtime +14 -type f -exec rm -r {} \;

This will delete the old files at 3:00am on the 1st of each month.

Samba 4 Technology Preview released

David — Wed, 25 Jan 2006 21:01:41 +0000

A Technology Preview of Samba 4 was recently released. The primary new feature is comprehensive Active Directory support. At the moment Samba 3 is capable of joining an Active Directory domain but it cannot function as an Active Directory controller of any sort.

Nice additions to Samba 4 is a built-in LDAP back-end and Kerberos encryption that is compatible with Microsoft's version. Linux Format has an interview with Jeremy Alison, a Samba developer. He talks about the long development process that has taken place and is still to come. The Technology Preview includes a good deal of the AD server functionality but still lacks printer and security features, plus the back-end LDAP structures are in flux. Still it is pretty exciting, maybe OpenSUSE 11 will feature Samba 4....

Fixing Samba/CUPS Permission Issues

David — Wed, 12 Oct 2005 08:26:27 +0000

I have found that Samba < 3.0.9 has a few permissions issues with CUPS when using the printing tools from Windows desktops. It turns out that there is a few issues with CUPS permissions and Samba but these apparently have been fixed in Samba versions 3.0.12 onwards.
In the interim to fix the issue you must edit the cupsd.conf file and comment out a few lines so that you have the following:

<Location /admin>
# AuthType BasicDigest
# AuthClass Group
# AuthGroupName sys
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>

This creates a bit of a security risk as anyone on the localhost can make printer administration changes but in a small network this is not such a huge deal (when compared to the loss of functionality if the settings are in place).

Customised Netlogon scripts for Samba Howto

David — Thu, 15 Sep 2005 01:25:00 +0000

I have put up a script that allows customisation of the batch file run when a Windows user logs into a Samba PDC. This script creates a unique login script based on the user's name and the groups they belong to. It ties nicely into any authentication method (file/LDAP/NIS/Kerebos/Samba) as long as PAM has been configured to pull user and group details from that source. The tutorial is online here:

Customised Netlogon scripts for Samba Howto

linux
samba

Customised Netlogon scripts for Samba

David — Thu, 15 Sep 2005 00:52:55 +0000

When logging into a Windows domain there is the option to run a script on the desktop to setup drives, synchronize time and anything else that maybe required.

Unfortunately the power of these scripts are reduced by the limited functionality of the client side scripting language and Samba's inability to produce tailored batch files for each user.
The following script is capable of generating very complex netlogon batch files based on the users name and group membership information stored on the Samba server. These user credentials are tied to the PAM authentication system and will work if your user credentials are coming from local files, LDAP or any other PAM compatible source.

To install download and unzip the archive available here.
NOTE: For the script to run successfully you must install the very small unix2dos utility using your distributions software installation tool (apt-get, yast, yum, rpm, etc).

Copy the netlogon script to /usr/local/bin on your Samba server.
Make sure the file is executable by the user Samba is running under. If in doubt just run:

chmod a+x /usr/local/bin/netlogon

Copy the netlogon.conf configuration file to /etc/samba on your Samba server.
Copy the netlogon-scripts directory to /etc/samba

Edit the netlogon.conf file and change the configuration options to your needs. For example:

server EXAMPLESERVER
scriptsdir /etc/samba/netlogon-scripts
netlogondir /home/samba

The netlogondir attribute should point to the location on your filesystem where the Netlogon share reads from. Your Samba server should be able to read and write to this location.

Edit the /etc/samba/smb.conf file and look for the following two lines that begin with "preexec" and "logon script". Change (or if they do not exist add) these two lines to read:

preexec = /usr/local/bin/netlogon %U
logon script = %U.bat

Once you have made the change restart the Samba smb service:

/etc/init.d/smb restart

Go to the /etc/samba/netlogon-scripts directory. In this directory you will see a series of example text files. header.txt and footer.txt are added to the top and bottom of each batch file respectively. In these two files you should add common commands like time synchronization and common drive mappings.
In these config files the keywords SERVER and USER are automatically replaced by the server name supplied in the netlogon.conf file and the username provided by Samba. This means you do not have to 'hard code' a config file to a particular server or user which makes upkeep and troubleshooting a little easier.

User specific declarations:

Files that begin with the prefix user- are entries exclusive to a specific user. In the example directory there is a file named user-david.txt which provides some drive mappings just for the user david on the system.

Group specific declarations:

Files that begin with the prefix group- are entries included in the batch file for users of a specific group. For example in the example directory the file group-users.txt adds a series of drive mappings for anyone in the users group.

Using these files an individually customised batch file is built for each specific user that logs on. If the user is added or removed from a group in the LDAP tree or /etc/groups file this change is automatically picked up the next time they perform a domain logon.

NOTE: It does not matter whether you edit the /etc/samba/netlogon-scripts files in Unix or Windows as the batch file is passed through unix2dos to ensure line breaks conform to the Windows standard.

Code Listing for netlogon

Below is a listing of the netlogon file. It is a fairly simple shell script and requires no special interpreter to run.

#!/bin/bash
# In config text files the following two variables can be used:
# SERVER = server name
# USER = username

# configure
configdir="/Users/david/Desktop"

server=`awk '/^server/{print $2}' $configdir/config.conf`
scriptsdir=`awk '/^scriptsdir/{print $2}' $configdir/config.conf`
netlogondir=`awk '/^netlogondir/{print $2}' $configdir/config.conf`

username=$1

echo Server: $server
echo Username: $username

# Remove any existing batch file
if [ -e $netlogondir/$username.bat ]
then
echo Removing existing $username.bat file
rm $netlogondir/$username.bat
fi
# Add header file if it exists
if [ -e $scriptsdir/header.txt ]
then
echo Adding netlogin file header to $username.tmp
cat $scriptsdir/header.txt > $netlogondir/$username.tmp
else
touch $netlogondir/$username.tmp
fi
# Add group directives
for group in `groups $username`
do
if [ -e $scriptsdir/group-$group.txt ]
then
echo Adding netlogin script group-$group.txt to $username.tmp
cat $scriptsdir/group-$group.txt >> $netlogondir/$username.tmp
fi
done
# Add specific user directives
if [ -e $scriptsdir/user-$username.txt ]
then
echo Adding netlogin script user-$username.txt to $username.tmp
cat $scriptsdir/user-$username.txt >> $netlogondir/$username.tmp
fi
# Add footer
if [ -e $scriptsdir/footer.txt ]
then
echo Adding netlogin file footer to $username.tmp
cat $scriptsdir/footer.txt >> $netlogondir/$username.tmp
fi
sed -e "s/SERVER/$server/g" $netlogondir/$username.tmp > $netlogondir/$username.tmp2
sed -e "s/USER/$username/g" $netlogondir/$username.tmp2 > $netlogondir/$username.bat
# Clean up tmp files
rm $netlogondir/$username.tmp*

# Convert line breaks to Windows format (requires unix2dos utility)
unix2dos $netlogondir/$username.bat

exit

SuSE/OpenLDAP/Samba Added to Tutorials

David — Mon, 12 Sep 2005 11:30:20 +0000

Today I finished a howto that goes through the steps to setup a Samba Primary Domain Controller (PDC) with an OpenLDAP backend on SuSE. The tutorial draws together a lot of the things I have learnt over the last few weeks working with Samba and OpenLDAP. If anyone reads it through and finds errors (both practical and grammatical) then please get in touch.